autotoken: splicing; splice_optout

2025-06-13 02:28:09 +00:00 · 2023-01-18 22:17:14 +01:00
parent 8fe5e29104
commit 14d8eb9e40
7 changed files with 155 additions and 11 deletions
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@ -344,6 +344,7 @@ enum {
  /* 12 */ PY_FUNC_INTROSPECTION,
  /* 13 */ PY_FUNC_DESCRIBE,
  /* 14 */ PY_FUNC_FUZZ_SEND,
+  /* 15 */ PY_FUNC_SPLICE_OPTOUT,
  PY_FUNC_COUNT

 };
@ -495,6 +496,7 @@ typedef struct afl_state {
      no_unlink,                        /* do not unlink cur_input          */
      debug,                            /* Debug mode                       */
      custom_only,                      /* Custom mutator only mode         */
+      custom_splice_optout,             /* Custom mutator no splice buffer  */
      is_main_node,                     /* if this is the main node         */
      is_secondary_node,                /* if this is a secondary instance  */
      pizza_is_served;                  /* pizza mode                       */
@ -828,6 +830,17 @@ struct custom_mutator {
   */
  u32 (*afl_custom_fuzz_count)(void *data, const u8 *buf, size_t buf_size);

+  /**
+   * Opt-out of a splicing input for the fuzz mutator
+   *
+   * Empty dummy function. It's presence tells afl-fuzz not to pass a
+   * splice data pointer and len.
+   *
+   * @param data pointer returned in afl_custom_init by this custom mutator
+   * @noreturn
+   */
+  void (*afl_custom_splice_optout)(void *data);
+
  /**
   * Perform custom mutations on a given input
   *
@ -1057,6 +1070,7 @@ u8          havoc_mutation_probability_py(void *);
 u8          queue_get_py(void *, const u8 *);
 const char *introspection_py(void *);
 u8          queue_new_entry_py(void *, const u8 *, const u8 *);
+void        splice_optout(void *);
 void        deinit_py(void *);

 #endif